Entries in Cyber Security (11)


Facebook Beefs Up Security With New Anti-Virus Marketplace

Justin Sullivan/Getty Images(LOS ANGELES) -- Facebook has partnered with anti-virus software companies, including Microsoft, McAfee, TrendMicro, Sophos and Symantec, and is announcing Wednesday two major security steps.

Facebook will now incorporate the malicious URL databases from these security software companies into its URL blacklist systems. That means that whenever any of the 845 million people who use Facebook click a link they will be protected by this back-end system, and hopefully blocked from going to a malicious or unsafe site.

“We are excited to be partnering with leaders in the anti-virus industry to better protect our users both on and off of Facebook,” Facebook’s Chief Security Officer, Joe Sullivan, told ABC News. “Starting today, we will be incorporating the combined intelligence of these vendors to Facebook’s existing database of malicious URLs, and offering a wide selection of anti-virus software to our users.”

That part about offering anti-virus software is the second major security move Facebook is making. Facebook is rolling out a new AV (Anti-Virus) Marketplace for Facebook users. Any Facebook user will now be able to download free anti-virus software from Microsoft, McAfee, TrendMicro, Sophos, or Symantec at Facebook had an existing program like this with McAfee, but Facebook is putting more emphasis now on these offerings with a dedicated page.

Facebook and its software partners will provide six months of protection.  While these programs help with more than URL protection and Facebook activity, Facebook maintains that this will help protect users on and off the website. The AV Marketplace is now up and running on

Copyright 2012 ABC News Radio


Should Companies Be Required to Disclose Cyber Attacks?

Lee/Bloomberg via Getty Images(NEW YORK) -- The Securities and Exchange Commission is now advising publicly traded companies such as Bank of America to disclose harmful cyber attacks as a part of their annual reporting procedure to federal regulators.

The SEC laid out guidance last week; the advisory coming out less than two weeks after Bank of America denied allegations of a cyber attack against its consumer website. The bank attributed the disruption in service to “high volume.”

 “This guidance fundamentally changes the way companies will address cybersecurity in the 21st century,” Sen. Jay Rockefeller, D-W.V., in a statement. “For years, cyber risks and incidents material to investors have gone unreported in spite of existing legal obligations to disclose them.”

Under the old guidelines, companies were not obligated to disclose cyber attacks to investors because they did not technically constitute a material loss.  But many experts estimate that U.S. companies have already lost billions of dollars to foreign competitors in the form of intellectual property rights.

But some companies are choosing to ignore cyber threats out of financial hardship.  The computer security firm McAfee found that more than half of all companies surveyed in 2008 did not pursue investigations into a cyber incident because of cost.

Copyright 2011 ABC News Radio


Are You Safe from Growing Number of Cyber Attacks?

Jupiterimages/Thinkstock(NEW YORK) -- The websites of Sega, Sony, Citibank, and the U.S. Senate have all been hit by hackers.

In Sega's case, the firm said over the weekend that the attackers got access to account information for 1.3 million users.  And that wasn't even unusual.

Somewhere out there are loosely-organized shadow groups -- there's one that calls itself Anonymous, another that registered a website in the Bahamas under the name Lulz Security -- trying to take credit for some of the more public attacks.

Security consultants said you're probably safe if you take precautions -- such as deleting emails from strangers and changing your passwords regularly.  Most firms that handle sensitive data, such as credit card numbers, try to stay a step ahead of the intruders.  But it's full-time work.

Hacking -- once seen as the pastime of geeky teenagers who didn't have better things to do with their technological skills -- has apparently ballooned in just the last few months.  Google's Gmail service was attacked from somewhere in China, and there have been debates over whether cyber attacks from other countries qualify as acts of war.

"It feels to me like there are definitely more hacks taking place," said Graham Cluley, who analyzes online trends for the computer-security firm Sophos.  In an email to ABC News, he broke the attackers into three types:

-- "Hacktivists: They may be doing it for laughs, or believe they are making a political point, but they don't have a financial motive," Cluley said.

-- Genuine criminals:  Cluley called them "your regular identity thieves -- interested in stealing identities, credit card detail, because of the money that can be made out of them."

-- Infiltrators: "These are the hackers who appear to be hacking organizations and government bodies with the intention of stealing sensitive information with -- perhaps -- military or economic motivation," said Cluley. 

He cited attacks on U.S. military contractors, such as an internal network at the aerospace giant Lockheed Martin as a recent example.

Cluley said one likely increase was in the number of organizations admitting they'd been hacked.  The number of attacks is tremendous, he said, though most are unsuccessful or, in many cases, merely annoying.

Copyright 2011 ABC News Radio


Google's New Online Reputation Tool: Me on the Web

ABC News(MOUNTAIN VIEW, Calif.) -- Michael Fertik, CEO of, said he was excited to find more than 100 emails in his inbox Thursday about a new Google tool aiming to help people take control of their online identity.

"The biggest thing [Google] could do is validate the space, which is really cool," said Fertik, whose company sells technology for managing online reputations.

Located in your Google dashboard, the tool "Me on the Web" uses Google alerts to send notifications whenever someone has posted specific information about you online.

"If you haven't set up alerts yet, Me on the Web makes it even easier to do so and even automatically suggests some search terms you may want to monitor," product manager Andreas Tuerk wrote in Google's public policy blog.  "This is just one of our first steps in continuing to explore ways to help make managing your identity online simpler."

The only problem, Fertik said, is that Google alerts are "notoriously non-comprehensive."

Although Google alerts can help you find where your personal information ended up, actually removing that information from the Web is much trickier.

If you find your information on a website you don't own, Google advises contacting the webmaster to ask that it be removed from the server or blocked from being included in the Google index.  That way, when Google crawls the website, Google's search results will no longer display your information.

To expedite the process, you can use the Google URL removal request tool -- but again, that is only effective if the information has already been removed or blocked by the webmaster.

In addition to removing information, Google recommends adding information that you want people to find when they search for your name.  The new Google reputation tool suggests creating a Google profile, which is "visible to anyone on the Web, and anyone with your email address can discover it."

The profile allows you to select the information you want to display about yourself, similar to the networking website LinkedIn.  You can include pictures, display contact information and link to other websites about you.

Copyright 2011 ABC News Radio


Nine Crucial Steps to Protecting Yourself Online

Jupiterimages/Thinkstock(NEW YORK) -- The U.S. Senate, Citigroup, Sony, and Google have all been hacked in the past month.  If such behemoths can't protect themselves, how can you as an individual?

ABC News contacted cyber security experts to provide helpful tips on how you can protect yourself from theft, identity fraud, and other online dangers.

Although you should be wary when providing information about yourself online, experts say, individuals have a much lower threat of direct, coordinated attack than large companies and public figures.

"The average person should know that they are not as much as a target individually," Mark Rasch, director of cyber security and privacy consulting for CSC and a former member of the U.S. Department of Justice division that deals with cyber crimes, told ABC News.  "While there are these broad sweeps of people trying to break into any place they can, by and large hacking activity is targeted at companies that hold information about you, not your personal machine."

In general, you should remember to use a common sense approach to browsing and posting information online.

Here are nine crucial steps for safe browsing:

1. Use powerful passwords: The more complicated the password, provided you can still remember it, the better.  A combination of letters, numbers, uppercase, lowercase and special characters is best.  Also make sure you use a password that is not intricately connected to information about you, such as your date of birth or your mother's name, because thieves might be able to track down that information.

2. Use updated reputable anti-viral and anti-malware software: Norton and McAfee are the best known but there are also several free options available online.

3. Don't use the same ID and password: "Just like you have a ring of keys, you have a key to your house and a key to your car, you need a different key for each site," said E.J. Hilbert, president of Online Intelligence and a former FBI agent who investigated cases of cyber crime.  "If I get your Facebook account, because your email account is your logon, then I probably also have your email account.  And then if I have your email account, I can probably get your bank account and things like that."

4. Google yourself: Be aware of the information about you that is available online.  One of the ways in which individuals are compromised is when a hacker or con man uses information that they've found out about you through a simple search and manipulate it.

5. Be wary of "phishing" attacks: "Any time you see a link in an email, be wary," Rasch said. 

A good rule is: When in doubt, type it out.  Although the URL may look trustworthy, con men hide bad links in hyperlinks.  "If you type in the thing yourself, you'll be able to see if that email was real or not," Hilbert said.

In general, read the URL and use a common sense approach.  If it says ".ru" instead of ".com," ask yourself, "Does it make sense that my bank site is being hosted in Russia?"

6. Pay attention to misspellings: If the site doesn't look right, check your spelling.

7. Understand how your data is shared: Although you might have provided your contact information to your local supermarket, they might not be the ones storing that information.  Many companies outsource that kind of storage to a third party.

8. Try to use one credit card for online purchases: This way, if your information is compromised, you know exactly which card is breached.  If you are notified of a breach, get a new card.

9. If breached, change the password and security questions: Many people simply change their passwords if they believe there accounts have been compromised.  Make sure you also change the security question that many sites ask in conjunction with a password.

Copyright 2011 ABC News Radio


Citibank Breach: Six Tips to Bank Online Safely

Hemera Technologies/Thinkstock(NEW YORK) -- Citibank acknowledged that a data security breach has exposed information on about 210,000 of its bankcard customers.  While these data breaches seem to be growing more commonplace, experts offer tips to make online banking more secure.

Citi's incident, one of the first known hacking cases at a bank, compromised data including credit card account numbers, names and contact information like email addresses.  There have been several other public hacking announcements this year from Sony, Lockheed Martin, and Michael's Stores, leaving consumers feeling overwhelmed by security concerns.

Adam Levin, co-founder of and former director of the New Jersey Division of Consumer Affairs, said it is best for consumers to carry the mindset that there will be more data breaches in the future.

"The level of sophistication of hacking has grown exponentially," Levin said.  "And the bad guys are ahead of the good guys."

Avivah Litan, security analyst with technology research and advisory firm Gartner, said that for both online banking and online credit card management, consumers have "very good protection" under a rule set forth by the Federal Reserve called Regulation E that limits consumer liability for unauthorized card usage.  Though consumers may experience an inconvenience, they will almost always recover financially, she said.

Large businesses usually can afford security protection for their banking.  But Litan said online banking for small businesses is "very risky" because Regulation E does not apply to businesses.

To limit the exposure of you or your business in online banking, here are some tips from some security experts:

1. Never accept incoming communications purporting to be from financial institutions you do business with, whether by email or phone call.

"Call them back using only the phone numbers published on your cards or statements," Richard Wang, manager of SophosLabs US, said.

2. Update your security software on your computer.

"Make sure it's malware protection and have the most sophisticated firewalls and anti-intrusion software," Levin said.  "Those start screaming at you anytime you're even near something that has a worm on it."

3. Check the security of your mobile device and your mobile banking apps.

Mobile banking and payments are becoming more common, which means hackers may pay more attention in that marketplace also.

Andrew Hoog, chief investigative officer of viaForensics, a digital forensics and security company, found three unencrypted (i.e., less secure) passwords in apps for Foursquare, LinkedIn and Netflix on the Android in a recent round of app security testing.  Citibank received a "pass" rating for its app.

4. When logging in to perform online transactions, always enter the website address directly in your browser.

Never click links that claim to take you to banking sites.

5. Use strong passwords and don't reuse your bank password elsewhere.

Use two factor authentication if your bank offers it, such as confirmation numbers by text message to your phone, Wang said.

Levin adds that you should even have unusual answers to additional security questions.

"If they ask for your mother's maiden name, say 'superwoman,' or something outrageous that you would only know," Levin said.

6. Be active in monitoring your financial accounts.

Levin said he does not believe eliminating your online accounts is the answer because they can be the best tools to monitor your financial activity in real time.  He suggests you monitor your online accounts at least once a day.

Copyright 2011 ABC News Radio


Group Claims It Hacked Sony Website, Stole Customer Information

AFP/AFP/Getty Images(TOKYO) -- Sony has been hacked yet again.

This time, a hacker group known as "Lulzsec" claims it has stolen the personal information of more than one million people from the Sony Pictures Entertainment website.  The group says it obtained passwords, email addresses and birthdates of customers in the U.S. and posted the information on their website.

The hackers say the breach was easy because none of the data was encrypted.

This latest attack comes after a separate security breach exposed the personal information of 100 million PlayStation network users in April.

Copyright 2011 ABC News Radio


Pentagon to Take Military Action Against Cyber Attacks?

Jupiterimages/Thinkstock(WASHINGTON) -- Hacker attacks have become more widespread and damaging lately, enough so that the government is considering stepping in and taking military action.

According to the Wall Street Journal, some top officials at the Pentagon are now calling computer sabotage an act of war, and are considering using military force as one way to respond to the malicious attacks against the U.S.  Doing so may warn potential adversaries about hacking.

Internet security lawyer Parry Aftab says there's no such thing as a harmless cyber attack.

"Everything on the Internet belongs to someone," he says.

Businesses also stand to lose a lot if hacked and have been at the center of the most recent breaches.  Defense contractor Lockheed Martin and broadcaster PBS were the latest victims of cyber break-ins this past weekend.  Prior to that, Sony's PlayStation network was hacked, compromising the accounts of more than 100 million customers.

Copyright 2011 ABC News Radio


Sony Reports New Cyber Attacks on Multiple Websites

AFP/AFP/Getty Images(TOKYO) -- Sony announced Wednesday that hackers have broken into the Sony Ericsson website in Canada and the Sony Music Entertainment website in Greece, putting the personal information of more than 10,000 users at risk, according to the BBC.

The Japanese company said although users' credit card information was not compromised, their e-mails, passwords ,and phone numbers were.

This latest breach comes on the heels of the largest cyber security breach involving Sony's PlayStation Network service, which shut down the system and jeopardized the information of 100 million users.

Two other websites -- one in Indonesia and one in Thailand -- were also hacked on Wednesday but no information was taken, Sony spokesman George Boyd told the BBC.

All four websites have been shut down for now.

Copyright 2011 ABC News Radio


Hackers Find Another Security Hole in Sony's PlayStation Network

Stockbyte/Thinkstock(TOKYO) -- Just a few days after Sony began restoring the PlayStation Network because of a massive worldwide security breach, the company learned of a new security hole Wednesday.

As a result, Sony was forced to temporarily take down a Web page where users could reset passwords for their PlayStation accounts, the result of the first security breach discovered about four weeks ago.

Initially, Sony said birth dates, email addresses and perhaps credit card information were compromised because of the hacking of its PlayStation Network, which affected over 100 million users.

Things appeared to get back to normal a few days ago until the new security hole was discovered that could once again enable hackers to get a hold of accounts.

As of late Wednesday, the password reset page remained down, although Sony insisted that the security hole was fixed.

Copyright 2011 ABC News Radio

ABC News Radio